<?php
/*
+--------------------------------------------------------------------------
|   AffiliStore 2
|   ========================================
|   Web: http://www.affilistore.com
|   Email: admin (at) affilistore (dot) com
|	License Type: AffiliStore 2 is NOT open source software and limitations apply 
|   Licence Info: Visit AffiliStore website and click on 'Licence'
+--------------------------------------------------------------------------
*/
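// Direct-access guard. This file is meant to be include()d by the storefront,
// never requested by URL: if the requested script path names a ".inc.php"
// file, answer 403 and stop before any of the queries below run.
//
// preg_match() replaces the ereg family, which no longer exists on current
// PHP; a missing function here would mean a fatal error instead of a guard.
// The dots are now literal. PHP_SELF also carries any trailing path info from
// the URL, so the substring test errs on the side of refusing the request.
if (
	(isset($HTTP_SERVER_VARS['PHP_SELF']) && preg_match('/\.inc\.php/i', $HTTP_SERVER_VARS['PHP_SELF']))
	|| (isset($_SERVER['PHP_SELF']) && preg_match('/\.inc\.php/i', $_SERVER['PHP_SELF']))
) {
	// Send a real 403 status, not just a page that says so: crawlers, caches
	// and monitoring key on the status line, and the original replied 200.
	if (!headers_sent()) {
		header('HTTP/1.1 403 Forbidden');
	}
	echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
	exit;
}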

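// Load the approved comments for whichever item the request names: a product
// (?pid=), a news post (?news=) or a store (?merchant=). Leaves $getComments
// (result handle) and $comments (first row, or false) for the renderer below.
//
// NOTE(review): quote_smart() is defined outside this file. These queries are
// only injection-safe if it escapes and quotes every non-numeric value; confirm.

// Start from a known state, so a request carrying none of the three
// parameters reaches the renderer with defined (empty) values.
$getComments = false;
$comments = false;

if (isset($_GET['pid'])) {
	// Products are addressed by the merchant's id or by the internal id,
	// depending on $navOpt[12]. The column name comes from these two
	// literals only, never from the request.
	if ($navOpt[12] == 1) {
		$theprodID = 'merchantProdID';
	} else {
		$theprodID = 'dbProdID';
	}
	$sql = sprintf("SELECT * FROM affiliSt_products1 WHERE prodDB = %d AND $theprodID = %s",
			quote_smart($_GET['proddb']),
			quote_smart($_GET['pid']));
	$getPDetails = mysql_query($sql, $databaseConnect);
	if (!$getPDetails) {
		// Keep driver errors (table names, query fragments) in the server log
		// rather than in the page sent to the visitor.
		error_log('comments: product lookup failed: ' . mysql_error($databaseConnect));
		die('A database error occurred.');
	}
	$pDetails = mysql_fetch_assoc($getPDetails);

	// Product comments are keyed by product name. Skip the lookup when no
	// product row matched, instead of querying for attachedID = ''.
	if ($pDetails) {
		// prodName comes out of the database, but it is still data: a name
		// containing a quote would otherwise terminate the string literal
		// and alter the statement, so escape it like any other value.
		$sql = sprintf("SELECT * FROM affiliSt_comments WHERE attachedID = '%s' AND approve = '1' AND section = 'products' ORDER BY date DESC",
				mysql_real_escape_string($pDetails['prodName'], $databaseConnect));
		$getComments = mysql_query($sql, $databaseConnect);
		if ($getComments) {
			$comments = mysql_fetch_assoc($getComments);
		} else {
			// The original did not abort on this query; stay best-effort and
			// fall through to the "no comments" template, but record why.
			error_log('comments: product comment lookup failed: ' . mysql_error($databaseConnect));
		}
	}

} else if (isset($_GET['news'])) {
	// News comments, keyed by the value of ?news=
	$sql = sprintf("SELECT * FROM affiliSt_comments WHERE attachedID = %s AND approve = '1' AND section = 'news' ORDER BY date DESC",
			quote_smart($_GET['news']));
	$getComments = mysql_query($sql, $databaseConnect);
	if (!$getComments) {
		error_log('comments: news comment lookup failed: ' . mysql_error($databaseConnect));
		die('A database error occurred.');
	}
	$comments = mysql_fetch_assoc($getComments);

} else if (isset($_GET['merchant'])) {
	// Store reviews, keyed by the value of ?merchant=
	$sql = sprintf("SELECT * FROM affiliSt_comments WHERE attachedID = %s AND approve = '1' AND section = 'stores' ORDER BY date DESC",
			quote_smart($_GET['merchant']));
	$getComments = mysql_query($sql, $databaseConnect);
	if (!$getComments) {
		error_log('comments: store comment lookup failed: ' . mysql_error($databaseConnect));
		die('A database error occurred.');
	}
	$comments = mysql_fetch_assoc($getComments);

}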



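// Render the comment list, or the "no comments" template, into $box_content
// (which ends up holding the rendered text, not the XTemplate object).
// Reads $comments / $getComments from the lookup above and $configSkin,
// $installDir and $navOpt from the including script.
$box_content = new XTemplate ("skins/".$configSkin['value']."/styleTemplates/comments.tpl");

// isset() first: $comments is false when no row matched, and may not be
// defined at all when the request named no product, news post or store.
if (isset($comments['commentID']) && $comments['commentID'] != NULL && $navOpt[13] == 1) {

	do {
		// Values read back from affiliSt_comments are treated as untrusted
		// text and HTML-encoded before being concatenated into markup; name,
		// link and rating all land in places where no markup is expected.
		// NOTE(review): if the submission form already stores these fields
		// entity-encoded, this double-encodes; confirm and keep one of the two.
		$commentName = htmlspecialchars($comments['name'], ENT_QUOTES);
		$commentLink = htmlspecialchars($comments['link'], ENT_QUOTES);
		$commentRating = htmlspecialchars($comments['rating'], ENT_QUOTES);

		if (isset($_GET['merchant'])) {
			// strip_tags() alone leaves quotes and ampersands intact, so encode as well.
			$box_content->assign("MERCHANTTITLE",'<h1>'.htmlspecialchars(str_replace('-', ' ', strip_tags($_GET['merchant'])), ENT_QUOTES).' Store Review</h1>');
		}

		// Link the name only when the stored URL is an absolute http(s)
		// address with something after the scheme. Encoding does not
		// neutralise other URL schemes inside href, so those are rendered as
		// a plain name. A bare "http://" (the form's placeholder) is skipped,
		// as before.
		if (preg_match('#^https?://\S#i', $comments['link'])) {
			// noopener: a page opened with target="_blank" otherwise gets a handle on this window.
			$box_content->assign("COMMENTNAME",'<a href="'.$commentLink.'" rel="external nofollow noopener" target="_blank"><strong>'.$commentName.'</strong></a>');
		} else {
			$box_content->assign("COMMENTNAME",'<strong>'.$commentName.'</strong>');
		}

		$box_content->assign("COMMENTDATE",'<span style="color:#666666">('.date('d F Y', $comments['date']).')</span>');

		if (isset($_GET['pid']) || isset($_GET['merchant'])) {
			// Store reviews use the "tic" image set, product reviews use "star".
			if (isset($_GET['merchant'])) {
				$ratingimage = 'tic';
			} else {
				$ratingimage = 'star';
			}
			$box_content->assign("RATING",'<img src="'.$installDir['value'].'skins/'.$configSkin['value'].'/styleImages/'.$commentRating.$ratingimage.'.gif" width="84" height="15" alt="Rating: '.$commentRating.'" /><br />');
		} else if (isset($_GET['news'])) {
			// News comments carry no rating.
			$box_content->assign("RATING",'');
		}

		// NOTE(review): the comment body is emitted exactly as stored. It may
		// carry formatting markup added at submission time, so it is not
		// encoded here; confirm that the submission path strips or encodes
		// visitor HTML, otherwise this is a stored-XSS sink.
		$box_content->assign("COMMENTS",$comments['comments']);
		$box_content->parse("comments.li");

	} while ($comments = mysql_fetch_assoc($getComments));

	// Do not leave the per-row helpers behind in the including script's scope.
	unset($commentName, $commentLink, $commentRating);

	$box_content->parse("comments");
	$box_content = $box_content->text("comments");

} else {
	$box_content->parse("nocomments");
	$box_content = $box_content->text("nocomments");
}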
?>